To Zoom or Not to Zoom: Addressing a Crucial Cybersecurity Question

July 2, 2020

This post was originally published by Sid Yenamandra at Smarsh.

Eight tips to help advisors balance security and convenience with Zoom

Though shelter-in-place orders and working from home have become the new normal, the reality is that most businesses are not prepared to protect their employees and their devices from cyber criminals in a remote work environment. That’s especially true for the wealth management industry.

Let’s start with the fact that most employee-owned devices are not appropriately protected. Many broker-dealers, banks, insurance companies and RIA firms have stepped up their efforts to address some of the most glaring weaknesses. But for others, cybersecurity issues are only becoming more challenging as a surge of professionals flock to Zoom and other video conferencing platforms to meet with clients and collaborate with colleagues.

How Financial Services Firms Can Vet Zoom

Indeed, very few IT managers have had the opportunity to vet these tools, even as they are now known to present a series of security and compliance challenges.

Wealth management professionals are gauging how much risk the use of the Zoom platform introduces. Here are eight tips to keep you and your organization safe on Zoom:

  • Use the latest version. Be sure you are always using the latest version of the application so that your endpoint is protected against known security issues.
  • Never share your Zoom meeting ID publicly. Posting meeting IDs publicly makes it easy for hackers to infiltrate your account by guessing your password. This could result in “zoombombing” or someone getting access to your private chat transcripts or files.
  • Share your meeting password securely. Treat your Zoom meeting password the same way as you would treat your sign-in credentials for your bank account or company workspace. Also, use two-factor authentication, which dramatically lowers the likelihood of getting compromised.
  • Set preferences to host-only. Resist the temptation to designate a co-host, because it increases the likelihood that a breach could take place. What’s more, shut off file transfer, camera and audio settings for all participants. That leaves one person in control of the conference. The end goal is to minimize the possibility that an interloper could gain access.
  • Pay for the enterprise plan. If you are relying on Zoom for business, it’s better to upgrade to the pro or enterprise plans rather than using freemium services.
  • Beware of Zoom phishing emails. If you get a meeting invite from someone with whom you are not familiar, you can log in to the call by connecting to the Zoom website and then manually keying in the meeting ID. That will ensure that the invite is valid. Otherwise, it could be a phishing email aimed at getting you to click a link that will end up harming your device.
  • Perform endpoint hygiene. Keep the endpoints used to access Zoom patched and running up-to-date anti-virus and anti-malware software, and make sure to enable device- or file-level encryption. These steps will not only help to prevent compromises, but they will serve to mitigate the damage should they occur.
  • Use a VPN when possible. This minimizes the likelihood of a man-in-the-middle or denial-of-service attack that could disrupt your productivity. VPNs could create some network bottlenecks, especially if you don’t have much bandwidth to spare, but they will ensure that your sessions have end-to-end encryption, something that most regulators require.

To Zoom or not to Zoom? For wealth management professionals who need to drive as much continuity of service and connection with clients and colleagues as possible, this is an important cybersecurity question.

But by following the right cybersecurity safeguards as outlined here, it doesn’t need to become an existential question for your business.

About the Author
Sid Yenamandra, Founder & CEO at Entreda

Sid Yenamandra co-founded Entreda, the leading provider of comprehensive cybersecurity software, systems and training to the wealth management industry, in 2011 and oversees all aspects of the company’s vision and day-to-day operations. Prior to Entreda, Sid served as vice president of product and business development at Plato Networks, which he sold to Netlogic Microsystems, itself subsequently acquired by Broadcom for $4 billion. Prior to Plato Networks, Sid worked on several Silicon Valley ventures and was part of an elite, NSA-funded team that developed a Suite B flow-through cryptographic processor to protect critical U.S. infrastructure. Sid holds Bachelor of Science degrees in Electrical Engineering and Computer Science from the University of California, Berkeley.